Closed
Description
Expected behaviour
The flow goes through
Actual behaviour
Authentication page returns an error
What are the steps to reproduce this issue?
Create an Azure Active Directory app registration, and try to use it.
Any other comments?
This problem is due to the fact that the default scopes requested by social core,
| DEFAULT_SCOPE = ['openid', 'profile', 'user_impersonation', 'email'] |
['openid', 'profile', 'user_impersonation', 'email'], which are Azure AD Graph permissions, are deprecated and no longer usable since June 2022.
I fixed it by replacing these scopes with the new Microsoft Graph: ['user.read'].
This isn't the only issue, I also faced a really strange issue when the lib attempts to decode the JWT returned. They ... do not contain a signature?
This issue seems exclusive to tenant auth. It happens exactly here:
| key_id = get_unverified_header(id_token)['kid'] |
KeyError: 'kid'. Here is what is returned by get_unverified_header: {'typ': 'JWT', 'alg': 'none'}, and when printing the id_token it seems to simply not hold a signature. I cannot show it since it contains personal data, but it has the header and the body separated by a period, and another trailing period after the body.
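One way to turn the bare KeyError described in this issue into an explicit rejection, as an added example that is not part of the original report and not social-core's code: it checks the header's `alg` and `kid` and the signature segment before any key lookup. The names `signing_key_id`, `UnsignedTokenError` and `_constructed_token` are hypothetical, and the tokens are constructed sample data.

```python
import base64
import json


class UnsignedTokenError(ValueError):
    """Raised when an id_token cannot be signature-verified."""


def _b64url_json(segment):
    # JWT segments are base64url without padding; restore it before decoding.
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def signing_key_id(id_token):
    """Return the header 'kid' of a signed JWT, or raise UnsignedTokenError."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise UnsignedTokenError("expected header.payload.signature")
    header_b64, _payload_b64, signature_b64 = parts
    try:
        header = _b64url_json(header_b64)
    except ValueError as exc:  # covers bad base64, bad UTF-8 and bad JSON
        raise UnsignedTokenError("undecodable JWT header") from exc
    if not isinstance(header, dict):
        raise UnsignedTokenError("JWT header is not a JSON object")
    alg = str(header.get("alg", "")).lower()
    if alg in ("", "none"):
        # The case from the issue: {'typ': 'JWT', 'alg': 'none'}
        raise UnsignedTokenError("token declares no signing algorithm")
    if not signature_b64:
        # "header.body." with a trailing period and nothing after it
        raise UnsignedTokenError("signature segment is empty")
    kid = header.get("kid")
    if not kid:
        raise UnsignedTokenError("header has no 'kid' to select a signing key")
    return kid


def _constructed_token(header, signature=""):
    # Constructed sample data for the demo, not a real Azure AD token.
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return "%s.%s.%s" % (enc(header), enc({"sub": "constructed-user"}), signature)
```

This only decides whether verification can start; the signature itself still has to be verified against the key that `kid` selects.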